Zhang Shurong

#46492 of 53,638
5.5 CVSS total
Vulnerabilities · 1
PT-2023-9432
5.5
2023-07-19
Linux · Linux Kernel · CVE-2023-52915
**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions prior to 6.5.4

**Description**

The issue is a null pointer dereference in the `af9035_i2c_master_xfer` function. In this function, `msg` is controlled by the user. When `msg[i].buf` is null and `msg[i].len` is zero, the earlier checks on `msg[i].buf` pass, so malicious data reaches `af9035_i2c_master_xfer`. If `msg[i].buf[0]` is then accessed without a sanity check, a null pointer dereference occurs. A check on `msg[i].len` has been added to prevent the crash.

**Recommendations**

To resolve the issue, upgrade the Linux kernel to a version newer than 6.5.4. As a temporary workaround, consider restricting access to the `af9035_i2c_master_xfer` function until a patch is available.
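
The gap described above, as an added user-space model in C (not the kernel's code and not from this page): `earlier_check_model` stands in for the earlier `buf` checks and `xfer_checked` for the added `len` check. The struct, the function names and the `-EOPNOTSUPP` return value are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in for an I2C message: both fields are caller-controlled. */
struct i2c_msg_model {
    uint16_t len;   /* number of bytes the caller says buf holds */
    uint8_t *buf;   /* may legitimately be NULL when len == 0 */
};

/* Hypothetical model of the earlier checks: a NULL buf is only rejected
 * when the caller also claims a non-zero length. Returns 0 when accepted. */
int earlier_check_model(const struct i2c_msg_model *m)
{
    if (m->len > 0 && m->buf == NULL)
        return -EINVAL;
    return 0;   /* len == 0 with buf == NULL passes */
}

/* Transfer handler with the length check in place: buf[0] is read only
 * after len proves that a first byte exists. Returns the number of
 * messages processed, or a negative errno value. */
int xfer_checked(const struct i2c_msg_model *msg, int num, uint8_t *first)
{
    for (int i = 0; i < num; i++) {
        if (msg[i].len < 1)
            return -EOPNOTSUPP;     /* without this, buf[0] dereferences NULL */
        first[i] = msg[i].buf[0];
    }
    return num;
}

int main(void)
{
    /* Constructed input: the zero-length, NULL-buffer message from the description. */
    struct i2c_msg_model empty = { 0, NULL };
    uint8_t first[1] = { 0 };

    /* The message clears the earlier check but is refused by the handler. */
    if (earlier_check_model(&empty) != 0)
        return 1;
    return xfer_checked(&empty, 1, first) == -EOPNOTSUPP ? 0 : 1;
}
```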